wtfastsetup.4.2.5.864.exe

WTFast

AAA Internet Publishing, Inc.

The application wtfastsetup.4.2.5.864.exe, “WTFast Setup ” by AAA Internet Publishing has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from download.wtfast.com.
Publisher:
Initex & AAA Internet Publishing   (signed by AAA Internet Publishing, Inc.)

Product:
WTFast

Description:
WTFast Setup

Version:
4.2.5.864

MD5:
cabdc7f762ccb1fca1b18a7f1dd1f458

SHA-1:
146abbce8c29247f08d89e9c5e6c28c7fa6bf7b4

SHA-256:
047b768c47c643ddeb616f6b070113467fa93ba85401256f386949ac50e30a20

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/5/2024 1:43:18 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.CSH (L)
17.2.15.19

File size:
29.1 MB (30,529,520 bytes)

Product version:
4.2.5.864

Copyright:
Copyright © 2009-2016 Initex & AAA Internet Publishing

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/17/2015 3:00:00 AM

Valid to:
3/17/2018 2:59:59 AM

Subject:
CN="AAA Internet Publishing, Inc.", O="AAA Internet Publishing, Inc.", STREET=3248 Stonegate Court, L=West Kelowna, S=BC, PostalCode=V4T 1A7, C=CA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
155DDE848F309A85F2E1E27759446899

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
8.0000

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file wtfastsetup.4.2.5.864.exe has been seen being distributed by the following URL.

https://download.wtfast.com/.../wtfast

Remove wtfastsetup.4.2.5.864.exe - Powered by Reason Core Security